Thursday, April 27, 2017

So, we’ve been kind of proud of the way we have built the BuildingLink database, to be extensible by letting customers add their own data fields – whether to physical apartments, leases, personal dates, and data. You’ve made great use of this function – adding a total of 21,470 custom fields to date!

But, you’ve been letting us get away with “custom field murder” … we’ve only given you two types of fields: a text box field, and a date field.

Seriously?

Okay, well today we are going to start to make it up to you, with the FIRST of THREE really useful Custom Field Updates.

Custom Field Update #1 - New Data Types

We have two words for you: Boolean …. and ... Numeric!

BOOLEAN: When you go to define your custom fields, you can now select a Boolean type (see Wikipedia – or just think “true/false, yes/no, or on/off) and have users select between your two choices with a quick radio button click: “Is this person a health club member? ( ) Yes ( ) No”

Pretty simple, right? Bet you can’t believe we didn’t have that yet. – Well, we didn’t!

NUMERIC: You can define a numeric field for your numbers instead of using a general input field. Why? So you can specify cool “number-like things”:

Numeric data types will allow you to limit a field to only accept numbers, and to include currency symbols and decimal places. This is particularly useful for tracking information about monthly dues, rent amounts, square footage, number of shares – or any fields that should be used specifically to track numeric data.

Custom Field Update #1A – New Input Formats for Text Fields

And now, we have just four words for you: Drop down and RadioButton!

It’s been great having text boxes for your custom fields, where you can enter anything you like for any resident record. But what if you don’t WANT to be able to enter anything you’d like? What if you are just tired of typing in the same values over and over again? Well, then you are the reason we have added two new “Input Formats”, giving you three to choose from now:

TEXT BOX: Sometimes, you need the complete flexibility to type anything you want into a blanktext box. This can range from tracking specific details about a unit’s construction, to writing in a Resident’s Access Card or Key FOB number. Our standard text box data-type will continue to accommodate these use cases.

DROP DOWN: However, other information needs to be tracked in a more standardized way – usually if there is a specific list of options that could answer a given question. Our new drop down list data-type allows you to define what options are available for a specific field, limiting the range of options to standardize your data, while allowing enough flexibility for you to capture the information that you need! You might use this display mode to define the condition of a piece of equipment (i.e. Dishwasher: (New, Good, Worn, Replace)) or, to track something’s state (i.e. Membership Dues: (Paid in Full, Partial Payment, Due, In Arrears)).

RADIO BUTTON: Finally, our new radio button display option will best be utilized in cases where there are a few possible options to choose from, like marking an apartment as 1, 2, or 3 bedrooms, or indicating a resident’s preferred greeting (was that Ms., Mrs., or Miss?).

Okay, so that’s the FIRST of THREE really useful Custom Field Updates. (You did remember that we promised you three, right? Stay tuned for the next update, in about 2-3 weeks. It is a mucho powerful one!

Wednesday, April 26, 2017

Property management depends on having both fluid and timely access
to data – whether for payments and arrears, maintenance work, moves, and a
host of other events that take place in a building or for pertinent resident
information. At the same time, data privacy regulations and
expectations call for limits on access to personal data to
keep it protected.

Integrity and trust are at the core of BuildingLink. We are
dedicated to ensuring that the right data gets to the right people at the right
time, and we are taking every measure possible to ensure our clients’ personal
data and privacy is protected. With BuildingLink’s growing worldwide presence,
we’ve seen an increased emphasis – both market-driven and regulatory – on
ensuring client data protection and data access controls.

While everyone is entitled to an expectation that their personal
data is protected, property managers of buildings located in the EU and Canada
have an extra bar to clear regarding what they do with, and where they put,
their residents’ data. This update is aimed at advising all
clients, and especially EU and Canadian clients, how BuildingLink helps them
meet that bar.

'Layering on' BuildingLink Data Protections

We’ve built (and continue to improve) our platform with your
privacy in mind, by creating multiple “layers” of customizable options for
crafting data access, use, and privacy rules that work for your property. At
the lowest level, the platform provides controls for physical access to
the BuildingLink site and data. All users are limited to logging in
only to specific computers in specific physical locations via our “authorized
computers” module. At a more micro level, you can set up niche, customized data
access permissions for owners, managers, renters, and employees, according to
what they need to perform their functions. For example, elevator
operators could be given one level of access, while maintenance workers
could be given another, according to the situation requirements.

BuildingLink screen options enable contact functions without
revealing contact information. In this way, it is
possible to email a resident without divulging their email address, or call a resident without disclosing their phone
number or other personal information. For further data protection, you can
set up a system that flags data access and changes. It is possible
to track the disclosure and integrity of data by enabling notifications
upon access to, or modification of, data. (One possibility is setting up the
system to send out an email to residents when any of their personal data
is modified!)

Taking Your Software to Europe? Don't Forget Your "Privacy
Shield"!

Maintaining balance to the extent that satisfies international
data transfers across the Atlantic also requires an understanding of the law
and what being compliant entails. It’s important to be up-to-date on data
privacy
because some major changes have just come into
effect. The EU – U.S, Privacy Shield replaced Safe Harbor as the
standard for sanctioned transfers of personal data between the
European Union and the United States.

A Really Brief History Lesson: The Rise and Demise of
Safe Harbor

From 2000 to 2015, the Safe Harbor Agreement governed the legal
transfer of personal data from EU member countries to the United States.
However, concerns about U.S. government surveillance programs – and the way social media companies transferred
personal data across the Atlantic – brought
the program’s effect into question.

These concerns were at the center of a suit brought by an Austrian Facebook user,
Max Schrems, that was referred by
the Irish High Court to the European Court of Justice (ECJ) in June
2015 (case number: C-362/14). He argued that the United States does not
provide “adequate protection”, and that U.S.
surveillance programs like the NSA’s PRISM run counter to individual data
protection.

The court agreed with the plaintiff, and invalidated the Safe
Harbor Agreement.

Privacy Shield to the Rescue

In February 2016, the EU Commission announced
the new framework called EU-U.S. Privacy Shield, and
released the requirements for its certification. As of August 1,
2016, American companies could certify themselves as compliant.

Privacy
Shield is a new program that provides a framework for the transfer of data from
the European Union to the United States. (It replaces the recently invalidated
Safe Harbor Principles.) There are several guidelines that a company must
adhere to and include in their privacy policy in order to be certified under
this shield. The goal is to safeguard private user information, and prevent the
unauthorized dissemination of data. While certification under the EU–U.S.
Privacy Shield is voluntary, once a company does certify, those guidelines are
enforceable by law. This assures EU users that their personal information will
be safe and secure in any data transfer to a certified U.S. company.

What's the Same and What’s Different about “Privacy Shield”?

Though it’s a new program, the core of Privacy Shield is
the same as that of Safe Harbor. Both were established as a
self-certification program based on seven primary principles for legal data
transfers: (1) notice, (2) choice, (3) accountability for onward transfer, (4)
security, (5) data integrity & purpose limitation, (6) access, and (7)
recourse. However, in light of Safe Harbor’s shortcomings, there
are additional avenues for enforcement, including notice, opt-out options,
reviews, an independent ombudsman, and EU citizens’ enhanced redress options.

Accordingly, any business that aspires to certification must
publicize its data management policy on its site, and then conform to
it in its day-to-day practices. This doesn’t mean
that it is etched in stone forever! The company can make
changes, so long as it notifies the people whose data it collects in advance.
If it fails to provide that notice, the FTC can take it to task. Along with the
notice about its practices, the company has to provide a way for people to
opt-out if they are not comfortable with the way their data is to be
handled.

Additional enforcement comes through the new supervision mechanism
that stipulates compliance reviews by the U.S. Department of Commerce. The
consequences for not being found in compliance could extend from
sanctions by the FTC to removal from the list of Privacy Shield
approved businesses. Another external check on compliance comes in the
form of a new privacy ombudsman, who can hear complaints and queries from EU
citizens. This is an important component of the program. It promises that
Europeans will have different channels for communicating their concerns about
their data usages.

BuildingLink is proud to say that we fully live up to the Privacy
Shield principles, and are listed among the
certified Privacy Shield entities.Heading North of the border? Say hello to PIPEDA!

Canada
has its own set of regulations governing data privacy requirements.
The Personal Information Protection and Electronic Documents Act (PIPEDA or
the PIPED Act) governs how private sector organizations collect, use, and
disclose personal information in the course of commercial business. In the
real estate property management space, this has implications for both property
managers and software products aimed at those managers. As one example,
BuildingLink has added a series of data-aging filters to restrict access to
resident activity data that is older than 30 days. The good news is, you
don't have to be Canadian to take advantage of our data-aging filters. –
They are an option for all BuildingLink clients!

The Data-Privacy BOTTOM LINE: What is Expected of You

Being compliant really boils down to this: be clear about what
personal data comes through your system – and how you are using it – so that
people
fully understand,
and cannot later say they didn’t realize that
their data was being collected. Keep up the
code of conduct you set! If you have to deviate due to some change in your
business operations, provide people with clear notice, so they may
choose to opt-out.

The
above – and additional options – are all available on BuildingLink’s
flexible platform, which allows the site manager to make sure that all data
access and data use is purpose-built. Our BuildingLink team is
happy to work with you to deliver a solution that is optimized to
achieve your preferred balance of convenience and security. Contact us at support@buildinglink.com to learn more.

Friday, April 14, 2017

Companies,
privacy watchdog organizations, and many private citizens are figuring out
the implications of the recent action by the Trump administration. This act was to roll back
the FCC regulations regarding what internet providers can do with your internet use, browsing history, and data.

An
interesting article by Stacey Higginbotham discusses the
question of what this “freedom to use private data” means, specifically for the
smart homes and smart things (IoT) sector.

Because ISPs know your IP address
and can associate it with your physical address, many of the installed devices
on your home network are indelibly tied to your name.

So the ISPs know you have a Nest, a Wink hub, a Chamberlain MyQ garage door
opener, and now if they want they can share that information with marketers.
What's more concerning is whether or not an ISP can see the specifics of your
home IoT devices. Do they know when your motion sensors are triggered or what
temperature it is inside your home?

Stacey
also explains exactly what can and cannot be discovered by your internet
provider, about what’s going on in your smart home. An interesting
read!

She recommends this:

Look for connected devices that
encrypt your data from the device to the cloud.

This provides us with an opportunity to inform our users that our Aware by BuildingLink® sensor systems for residential buildings does just
that! All our sensors
use 128 AES encryption on all data packets to and from sensors to hub,
and our hub-to-cloud connection utilizes an SSL protocol. Our aim is to build solutions for our clients that
are useful, easy to deploy, but also very secure.